Развертывание Linux при помощи Cobbler
Сергей Яремчук
# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
# yum install cobbler koan
# yum install yum-utils httpd xinetd cman
# cobbler check
server: 192.168.17.209
next_server: 192.168.17.209
# yum install dhcp bind
# yum install dnsmasq
manage_dhcp: 1
manage_dns: 1
# cat /etc/cobbler/modules.conf
[dns]
# module = manage_bind
module = manage_dnsmasq
[dhcp]
# module = manage_isc
module = manage_dnsmasq
# setsebool -P httpd_can_network_connect true
# /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
# nano /etc/selinux/config
# nano /etc/xinetd.d/tftp
# xinetd definition for the TFTP service that hands out PXE boot files.
# TFTP has no authentication or encryption: every file under the served root
# is readable by any host that can reach this UDP service, so keep only boot
# files there and limit reachability to the provisioning network.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
# NOTE(review): the daemon is started as root; presumably in.tftpd needs that
# to chroot and drops privileges afterwards - confirm for the installed build.
user = root
server = /usr/sbin/in.tftpd
# -s confines in.tftpd to the given directory (chroot on startup).
# NOTE(review): the semanage commands earlier in this listing label
# /var/lib/tftpboot, while the root served here is /tftpboot - confirm which
# directory this Cobbler version writes to and label that one.
server_args = -s /tftpboot
disable = no
# At most 11 concurrent instances per source address.
per_source = 11
# Rate limit: above 100 connections per second the service is disabled for 2 seconds.
cps = 100 2
flags = IPv4
}
# Authentication backend selection in /etc/cobbler/modules.conf.
# authn_configfile checks logins against /etc/cobbler/users.digest (the file the
# htdigest command in this listing creates); restrict read access to that file,
# since it stores digest hashes of the passwords.
[authentication]
# module = authn_denyall # reject every login (authentication blocked)
module = authn_configfile
# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
# nano /etc/cobbler/dhcp.template
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.100 192.168.1.200;
filename "/pxelinux.0";
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
}
# cobbler sync
# service xinetd restart
# service cobblerd restart
# service dhcpd restart
# service httpd restart
# service named restart
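# (register the provisioning services to start at boot; "# " below is the root prompt)
# chkconfig dhcpd on
# chkconfig httpd on
# chkconfig xinetd on
# chkconfig named on
# chkconfig cobblerd on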
# mount -t auto -o loop ./CentOS-5.4-x86_64-bin.iso /media/iso
# cobbler import --mirror=/media/iso --name=Centos5.4 --arch=x86_64
cobbler distro add --name=string --kernel=path --initrd=path [--kopts=string] [--ksmeta=string] [--arch=x86|x86_64|ia64] [--breed=redhat|debian|suse]
# cobbler list
# cobbler profile list
# cobbler profile report --name=Centos5.4-x86_64
# cobbler profile copy --name=Centos5.4-x86_64 --newname=web-server
# cobbler profile edit --name=web-server --kickstart=/var/lib/cobbler/kickstarts/web-server.ks
# cobbler repo list
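# (no space may follow "=", otherwise the value is passed as a separate argument; the mirror is fetched over plain HTTP, so package integrity rests on GPG signature checks)
# cobbler repo add --name=Centos5-RPMFORGE --mirror=http://fr2.rpmfind.net/linux/dag/redhat/el5/en/x86_64/rpmforge/ --priority=40 --createrepo-flags="-c cache" --arch=x86_64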
# cobbler sync
# cobbler reposync
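# Register the already imported DVD tree as a repository without copying it again.
# --keep-updated=N disables updating of this repository.
# A comment must not follow a trailing backslash (it ends the continuation), and
# no space may follow "=" or appear inside the URL.
# NOTE(review): the import earlier in this listing used --name=Centos5.4; check
# the exact directory name (and its case) under ks_mirror before using this URL.
cobbler repo add \
--name=centos5.4-x86_64-DVD-base \
--mirror=http://192.168.17.209/cobbler/ks_mirror/CentOS5.4-x86_64/ \
--keep-updated=N \
--mirror-locally=0 \
--arch=x86_64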
--repos="centos5.4-x86_64-DVD-base Centos5-RPMFORGE "
# cobbler system add --name=web01 --profile=web-server --mac=00:01:02:03:04:05
# cobbler system list
# cobbler system report
# cobbler buildiso
# cobbler buildiso --systems="web01"
# cobbler buildiso --distro=Centos5.4-x86_64 --standalone
-----------------------------------------------------------------------------------------------------------------
Upgrade Advisor. Переходим с SQL Server 2000/2005 на 2008 (R2)
Алексей Шуленин
/* Script of statements that are normal for SQL Server 2005
 * but unsupported from the point of view of SQL Server 2008.
 * NOTE(review): presumably a deliberate input for Upgrade Advisor - the legacy
 * statements are the point of the script and are not meant to be modernized here. */
--No longer supported:
use tempdb
--truncate_only discards the inactive log without backing it up, which breaks the
--log backup chain: point-in-time restore is unavailable until a new full or
--differential backup is taken.
backup log AdventureWorks_2005 with truncate_only
use AdventureWorks_2005
--sp_dropgroup / sp_addgroup are the legacy procedures for database roles;
--DROP ROLE / CREATE ROLE are the replacements. The IF guards only the drop.
if exists (select 1 from sys.database_principals where type = 'R' and name = 'Test')
exec sp_dropgroup @rolename = 'Test'
exec sp_addgroup @grpname = 'Test'
--Deprecated, i.e. still supported in 2008, but not guaranteed in the next version:
--Will be replaced by databasepropertyex
select databaseproperty('AdventureWorks_2005', 'Version')
--sp_dboption as a whole is replaced by the ALTER DATABASE command; in this case the effect is equivalent to
--ALTER DATABASE ... SET RECOVERY SIMPLE
exec sp_dboption @dbname = 'AdventureWorks_2005', @optname = 'trunc. log on chkpt.', @optvalue = 'true'
--Hint replaced by OPTION (FAST N)
select * from Production.Product with (fastfirstrow)
--NOTE(review): presumably included because Upgrade Advisor flags this collation - confirm
select * from Production.Product order by Name collate SQL_AltDiction_CP1253_CS_AS
select * from Production.Product p, Production.ProductSubcategory sc, Production.ProductCategory c
--Replaced by the ANSI left/right outer join syntax
where p.ProductSubcategoryID *= sc.ProductSubcategoryID and sc.ProductCategoryID *= c.ProductCategoryID
--Replace with varchar/varbinary(max)
declare @t table (fld1 text, fld2 image)
--dbcc pintable has had no effect on the server since SQL Server 2005
declare @db_id int, @tbl_id int; select @db_id = db_id(), @tbl_id = object_id('Production.Product'); dbcc pintable(@db_id, @tbl_id)
-----------------------------------------------------------------------------------------------------------------
ClearOS... всерьез? Часть вторая
Алексей Барабанов
> mkdir NotSoClearOS
> sudo mount clearos-enterprise-5.1.iso -o loop /mnt
> T=$(pwd) ; cd /mnt ; cp -a . $T/NotSoClearOS ; cd $T
> sudo umount /mnt
> sudo mount -o loop CentOS-5.4-i386-bin-DVD.iso /mnt
> sudo cp -f /mnt/isolinux/{initrd.img,vmlinuz} NotSoClearOS/isolinux
> sudo cp -f /mnt/images/stage2.img NotSoClearOS/images
> sudo umount /mnt
> sudo sed -i "/upgradeany/c append initrd=initrd.img ramdisk_blocksize=1024 text askmethod upgradeany ks=cdrom:/ks.cfg" NotSoClearOS/isolinux/isolinux.cfg
> cd NotSoClearOS ; wget http://www.barabanov.ru/arts/notsoclearos/ks.cfg
> sudo rm -r NotSoClearOS/images/{pxeboot,xen,diskboot.img,minstg2.img}
> mkisofs -R -r -J -T -l -b isolinux/isolinux.bin \
-c isolinux/boot.cat -x lost+found -V NotSoClearOS \
-publisher \"$(whoami)\" -p \"$(whoami)\" \
-sysid \"$(uname)\" -iso-level 4 -no-emul-boot \
-boot-load-size 4 -boot-info-table -allow-leading-dots \
-allow-multidot -pad -allow-lowercase \
-o clearos-enterprise-5.1-plus.iso NotSoClearOS && \
implantisomd5 --supported-iso --force clearos-enterprise-5.1-plus.iso
> rpm -qpi suva-* compat-suv* system-log* | grep License | awk '{print $4 " " $5}'
[root@system ~]# mount
-----------------------------------------------------------------------------------------------------------------
Установка TrackStudio 3.5 на сервер без графического интерфейса
Евгений Коровкин
$ tar zxvf TrackStudio_3573_unix_with_jre.tar.gz
$ chmod +x jetty && sudo jetty
mysql -u track -p trackstudio <"trackstudio-mysql.sql"
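# Hibernate settings that point TrackStudio at the local MySQL database.
hibernate.dialect org.hibernate.dialect.MySQLInnoDBDialect
hibernate.connection.driver_class com.mysql.jdbc.Driver
# The URL must not contain whitespace: a space before "&" would become part of
# the useUnicode value and corrupt the query string.
# NOTE(review): the connection stays on localhost with no transport-security
# options; if the database is ever moved to another host, add them.
hibernate.connection.url jdbc:mysql://localhost/trackstudio?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true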
-----------------------------------------------------------------------------------------------------------------
Конфиденциальность гарантируется. Применение криптосистемы GnuPG в масштабах предприятия
Владимир Медведев
$ sudo aptitude install sks
$ sudo sks build
$ sudo sks db
$ sudo chown -Rc debian-sks:debian-sks /var/lib/sks/DB
initstart=yes
mkdir -p `dirname "$SKSDBPID"`
chown debian-sks `dirname "$SKSDBPID"`
$ sudo /etc/init.d/sks start
# Host name of the SKS server
hostname: sks.domain.local
# Address the HKP listener is bound to
hkp_address: sks.domain.local
# HKP port the server listens on
# NOTE(review): HKP on this port is plain HTTP - lookups and uploads are neither
# authenticated nor encrypted, so clients should still verify key fingerprints
# out of band rather than trusting whatever the server returns.
hkp_port: 11371
# Administrator e-mail used when synchronizing with other key servers
# NOTE(review): the value ends with a space before the closing quote; the
# <address> part was presumably lost when the page was extracted - restore it
# in the "Name <address>" form.
from_addr: "PGP Key Server Administrator "
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\GNU\GnuPG]
"Install Directory"="C:\\Program Files\\GNU\\GnuPG"
-----------------------------------------------------------------------------------------------------------------
bugtraq, стр. 48
$ nc localhost 25
$ ls -la /tmp/foo
-----------------------------------------------------------------------------------------------------------------
PPTPD с авторизацией через Active Directory
Константин Пронин
# Kerberos client configuration (krb5.conf) for authenticating against the
# Active Directory realm OFFICE.MYFIRM.RU.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
# Set this to the name of your own local Active Directory domain
default_realm = OFFICE.MYFIRM.RU
# DNS discovery of realm and KDC is switched off, so the KDC listed under
# [realms] is the only one that will be contacted.
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
OFFICE.MYFIRM.RU = {
kdc = 192.168.1.1:88
admin_server = 192.168.1.1:749
default_domain = office.myfirm.ru
}
[domain_realm]
# Note the leading dot
.office.myfirm.ru = OFFICE.MYFIRM.RU
office.myfirm.ru = OFFICE.MYFIRM.RU
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
# kinit -V admin@OFFICE.MYFIRM.RU
# klist
[global]
workgroup = office.myfirm.ru
server string = lambda
local master = no
log file = /var/log/samba/log.%m
max log size = 50
realm = office.myfirm.ru
security = ads
password server = server
encrypt passwords = yes
winbind separator = \
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
use sendfile = yes
# /etc/init.d/samba start
# /etc/init.d/winbind start
# net ads join -S ip_адрес_PDC -U admin
# wbinfo -p
# wbinfo -u
# wbinfo -g
# IP address of our server on the local-network side
localip 192.168.1.242
# Addresses that will be handed out to clients
remoteip 10.0.0.101-200
# NOTE(review): the lines from here on are pppd options, presumably the
# contents of /etc/ppp/options.pptpd rather than pptpd.conf - confirm.
name pptpd
# PAP, CHAP and MS-CHAP v1 are refused; only MS-CHAP v2 with 128-bit MPPE is
# accepted. This is the strongest combination PPTP offers, but an MS-CHAP v2
# handshake captured on the wire can be cracked offline and the MPPE keys derive
# from the same exchange, so the tunnel protects domain credentials only weakly.
# Treat PPTP as legacy: prefer an IPsec- or TLS-based VPN for new deployments,
# and monitor and lock out repeated failed logons on the accounts allowed here.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 10.0.0.1
ms-wins 10.0.0.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
auth
nodefaultroute
# The winbind plugin hands the MS-CHAP exchange to the ntlm_auth helper, which
# validates it against the domain.
plugin winbind.so
# NOTE(review): two helper lines are listed, presumably as alternatives - keep
# only one. The second restricts VPN logons to members of OFFICE\PPTP-USERS and
# is the safer choice, since the first admits any valid domain account.
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of=OFFICE\PPTP-USERS"
-----------------------------------------------------------------------------------------------------------------
Перенос телефонных линий между офисами на базе IP-АТС Asterisk и Linksys
Дмитрий Нестеркин
;Настройки SPA8000
;Этот контекст мы отвели для внутренних номеров, вписываемых вручную
[office]
;Стандартный контекст Elastix для добавочных номеров
include => from-internal-custom
exten => 8001,1,Dial(SIP/8001,,t)
exten => 8002,1,Dial(SIP/8002,,t)
exten => 8003,1,Dial(SIP/8003,,t)
exten => 8004,1,Dial(SIP/8004,,t)
exten => 8005,1,Dial(SIP/8005,,t)
exten => 8006,1,Dial(SIP/8006,,t)
exten => 8007,1,Dial(SIP/8007,,t)
exten => 8008,1,Dial(SIP/8008,,t)
;Этот контекст мы отвели под городские линии
[from-pstn]
;По умолчанию звонок приходит секретарю на номер 8001
exten=>spa400,n,Goto(office,8001,1)
canreinvite=no
context=from-trunk
dtmfmode=rfc2833
host=192.168.10.40
incominglimit=4
nat=yes
port=5060
qualify=yes
type=friend
username=spa400
register=spa400@192.168.10.40/spa400
; SIP peer entry for the SPA400 gateway.
[spa400]
type=friend
user=spa400
; IP address of the SPA400
; NOTE(review): other sections of this listing use 192.168.10.40 for the same
; device - confirm which address applies.
host=192.168.20.40
dtmfmode=rfc2833
canreinvite=no
context=from-trunk
; NOTE(review): insecure=very makes chan_sip accept incoming INVITEs from this
; peer without authentication and match it by IP address regardless of source
; port (newer Asterisk spells this insecure=port,invite). Anything able to send
; SIP from that address lands in the from-trunk context, so keep the gateway on
; a trusted segment and filter SIP from everywhere else.
insecure=very
;Имя транка для SPA400
[spa400]
disallow=all
;Мы используем кодек G.711U
allow=ulaw
canreinvite=no
context=from-trunk
dtmfmode=rfc2833
host=192.168.10.40
incominglimit=4
nat=yes
port=5060
qualify=yes
type=friend
;Совпадает с именем пользователя в настройках SPA400
username=spa400
;One of the extensions, added through the web interface
[1001]
; NOTE(review): this deny-all is cancelled by the permit=0.0.0.0/0.0.0.0 further
; down, which matches every address - the pair does not restrict who may
; register or call as 1001. Narrow the permit line to the phone subnet.
deny=0.0.0.0/0.0.0.0
type=friend
; NOTE(review): sample password from the article. Guessable SIP secrets are a
; common route to toll fraud; use a long random secret per extension.
secret=P@ssw0rd
qualify=yes
port=5060
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=1001@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/1001
;In our case the office context could be specified here as well
context=from-internal
canreinvite=no
callgroup=
callerid=device <1001>
accountcode=
; NOTE(review): 50 simultaneous calls for a single extension; a lower limit
; bounds the damage if the credentials leak.
call-limit=50
;Контекст для порта №1
[from-trunk-spa400-1]
exten => _1.,1,Dial(SIP/spa400/L1${EXTEN})
exten => _1.,n,Congestion
# Interface definition for a network-to-network IPsec tunnel authenticated with
# a pre-shared key (IKE_METHOD=PSK).
DEVICE=ipsec0
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
SRCGW=192.168.10.5
DSTGW=192.168.10.33
SRCNET=192.168.10.0/27
DSTNET=192.168.10.32/27
DST=87.65.43.21
# NOTE(review): the pre-shared key is stored in clear text. On Red Hat-style
# systems it usually lives in a separate keys-ipsec0 file readable by root only
# (mode 600) - confirm which file this line belongs to. The value shown is a
# published sample and must not be reused; generate a long random key.
IKE_PSK=ipT3l3phonY
;
# IKE phase 1 parameters for the peer 87.65.43.21.
# NOTE(review): this looks like the per-peer file generated when the tunnel is
# activated - confirm before editing it by hand.
remote 87.65.43.21
{
# The first mode is used when initiating; every listed mode is accepted when
# responding. NOTE(review): in aggressive mode the PSK-derived hash is exchanged
# unprotected and can be attacked offline - keep "main" only unless the peer
# cannot do without aggressive mode.
exchange_mode main, aggressive;
my_identifier address;
proposal {
# NOTE(review): 3DES, SHA-1 and DH group 2 (1024-bit MODP) are legacy choices;
# move to AES, SHA-2 and a larger group where both ends support them.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2 ;
}
}
# racoon (IKE daemon) configuration for the tunnel between 192.168.10.0/27 and
# 192.168.10.32/27.
# NOTE(review): the public addresses in this listing do not agree with each
# other (12.34.56.78, 85.236.7.158, 87.65.43.21, 193.233.70.167) - presumably
# only partly anonymized; substitute your own consistently.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
#After testing, this value should be changed to notify
log debug;
padding
{
#Maximum padding length
maximum_length 20;
#Enable/disable randomized padding length
randomize off;
#Enable/disable strict padding check
strict_check off;
#Extract the last octet
exclusive_tail off;
}
listen
{
isakmp 12.34.56.78 [500];
}
## IKE, phase 1
remote 87.65.43.21
{
# NOTE(review): accepting aggressive mode with a pre-shared key exposes the
# PSK-derived hash to offline guessing; keep "main" only where possible.
exchange_mode main,aggressive;
my_identifier address 85.236.7.158;
lifetime time 28800 seconds;
#Possible values: obey, strict, claim
# NOTE(review): with obey the responder accepts the initiator's lifetime and
# PFS values as proposed; strict is the tighter setting.
proposal_check obey;
proposal {
# NOTE(review): 3DES / SHA-1 / DH group 2 are legacy; prefer AES, SHA-2 and a
# larger DH group where both ends support them.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
## IKE, phase 2
# NOTE(review): 192.168.10.5/27 is a host address with a network prefix; the
# interface file in this listing uses 192.168.10.0/27 - confirm the selector.
sainfo address 192.168.10.5/27 any address 192.168.10.32/27 any
{
pfs_group 2;
lifetime time 28800 seconds ;
# NOTE(review): single DES and HMAC-MD5 are obsolete; dropping them from these
# lists prevents the peers from negotiating down to them.
encryption_algorithm 3des, des ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
# Same parameters for the reverse direction.
sainfo address 192.168.10.32/27 any address 192.168.10.5/27 any
{
pfs_group 2;
lifetime time 28800 seconds ;
encryption_algorithm 3des, des ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
#This line is added automatically when the tunnel is activated; there is no need to write it in by hand
include "/etc/racoon/193.233.70.167.conf";
# !/sbin/setkey -f
# Security policy definitions loaded with setkey.
# flush / spdflush remove every existing SA and policy first, including those of
# any other tunnel configured on this host.
flush;
spdflush;
# "require" means matching packets are only sent or accepted under an ESP tunnel
# SA; without one they are dropped rather than passed in the clear.
#Outgoing traffic
spdadd 192.168.10.5/27 192.168.10.32/27 any -P out ipsec esp/tunnel/85.236.7.158-193.233.70.167/require;
#Incoming traffic
spdadd 192.168.10.32/27 192.168.10.5/27 any -P in ipsec esp/tunnel/193.233.70.167-85.236.7.158/require;
# Pre-shared key entry: peer address, then the key in clear text.
# NOTE(review): keep this file owned by root with mode 600, and never reuse the
# published sample key below - generate a long random one per peer.
87.65.43.21 ipT3l3phonY
# Third-party yum repository definition.
[doylenet]
name=Doylenet custom repository for CentOS
# NOTE(review): metadata and packages are fetched over plain HTTP, so integrity
# rests entirely on the GPG check below.
baseurl=http://files.doylenet.net/linux/yum/centos/5/i386/doylenet/
gpgcheck=1
# NOTE(review): the signing key is fetched over plain HTTP as well, so gpgcheck
# only proves the packages match whatever key was delivered. Verify the key
# fingerprint out of band before importing it, or install the key from a
# trusted local file.
gpgkey=http://files.doylenet.net/linux/yum/centos/RPM-GPG-KEY-rdoyle
enabled=1
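# pppd options used by pptpd for incoming PPTP connections.
# Option names are matched literally: "name" must be lower-case and the MPPE
# option is spelled require-mppe-128, otherwise pppd rejects the file.
#authorisation
name pptpd
#encryption
# Only MS-CHAP v2 with 128-bit MPPE is accepted.
# NOTE(review): MS-CHAP v2 handshakes can be cracked offline once captured, so
# treat PPTP as legacy and prefer an IPsec- or TLS-based VPN where possible.
refuse-pap
refuse-chap
require-mschap-v2
require-mppe-128
#misc
nodefaultroute
nobsdcomp
nodeflate
#plugins
auth
require-mppe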
client_name pptpd client_password "*"
option /etc/ppp/options.pptpd
localip 12.34.56.78
remoteip 192.168.10.35
-----------------------------------------------------------------------------------------------------------------
Возможности языка PHP. Часть вторая
Кирилл Сухов
userListServiceImpl
com.samag.server.UserListServiceImpl
userListServiceImpl
/mailbox/users
package com.samag.client;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
/**
 * Synchronous GWT-RPC contract for the user list service.
 * The relative path "users" is resolved against the module base URL.
 */
@RemoteServiceRelativePath("users")
public interface UserListService extends RemoteService {
/** Returns a string produced by the server-side implementation. */
String usersServer();
}
package com.samag.client;
import com.google.gwt.user.client.rpc.AsyncCallback;
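/**
 * Asynchronous counterpart of UserListService, used by client code.
 */
public interface UserListServiceAsync {
    /**
     * Starts the call and returns immediately.
     *
     * @param callback receives the String returned by the server, or the failure;
     *                 the type argument lets the compiler check the handler
     *                 instead of falling back to the raw callback type
     */
    void usersServer(AsyncCallback<String> callback);
}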
package com.samag.server;
import com.samag.client.UserListService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
/**
 * Server-side implementation of UserListService, exposed as a GWT-RPC servlet.
 */
public class UserListServiceImpl extends RemoteServiceServlet
        implements UserListService {

    /** Returns the fixed demo string that proves the RPC round trip works. */
    @Override
    public String usersServer() {
        final String reply = "test RPC";
        return reply;
    }
}
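/**
 * Calls the user list service and shows the returned string in an alert.
 *
 * @param grid the table the result is meant for (not used by this version)
 */
private void getUsers(Grid grid) {
    // Create the RPC proxy lazily on first use.
    if (userListSvc == null) {
        userListSvc = GWT.create(UserListService.class);
    }
    // The type argument is required: with the raw AsyncCallback type,
    // onSuccess(String) does not implement the interface method.
    userListSvc.usersServer(new AsyncCallback<String>() {
        public void onFailure(Throwable caught) {
            System.out.println(SERVER_ERROR);
        }

        public void onSuccess(String result) {
            Window.alert(result);
        }
    });
}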
private UserListServiceAsync userListSvc = GWT.create(UserListService.class);
package com.samag.client;
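/**
 * Plain value object describing one user row: id, name, e-mail and an
 * "active" flag kept as an int.
 */
public class UserData {
    private int id;
    private String name;
    private String email;
    private int active;

    /**
     * @param id     user identifier
     * @param name   display name
     * @param email  e-mail address
     * @param active activity flag
     */
    public UserData(int id, String name, String email, int active) {
        this.id = id;
        this.name = name;
        this.email = email;
        this.active = active;
    }

    public int getId() { return this.id; }
    public String getName() { return this.name; }
    public String getEmail() { return this.email; }
    public int getActive() { return this.active; }

    /** Sets the user identifier. */
    public void setId(int id) { this.id = id; }

    /** Misspelled original name of {@link #setId(int)}, kept so existing callers still compile. */
    public void setIde(int id) { setId(id); }
    /* the remaining setters go here */
}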
package com.samag.server;
import com.samag.client.UserData;
import com.samag.client.UserListService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
/**
 * Server-side implementation of UserListService that returns a hard-coded
 * array of UserData objects (the listing elides part of the fill code).
 */
public class UserListServiceImpl extends RemoteServiceServlet implements
UserListService {
// NOTE(review): these are instance fields of a servlet, and one servlet
// instance can serve concurrent requests - holding per-request data here can
// mix up responses. Local variables inside usersServer() would avoid that.
UserData User;
UserData[] UserList;
private static final long serialVersionUID = 1L;
/** Builds the demo user array and returns it to the client. */
@Override
public UserData[] usersServer() {
UserList=new UserData[4];
User= new UserData(1, "Иванов", "ivanov@gwt.ru", 1);
UserList[0]=User;
User= new UserData(2, "Сидоров", "sidorov@gwt.ru", 1);
...
return UserList;
}
}
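// Request the user array; the type argument is what makes onSuccess(UserData[])
// implement the callback interface (the raw type would expect onSuccess(Object)).
userListSvc.usersServer(new AsyncCallback<UserData[]>() {
    public void onFailure(Throwable caught) {
        System.out.println(SERVER_ERROR);
    }

    public void onSuccess(UserData[] result) {
        // toString() on an array prints its type and hash, not its contents;
        // enough here to show that a result arrived.
        Window.alert(result.toString());
    }
});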
package com.samag.client;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
/**
 * Synchronous GWT-RPC contract for the user list service; this version
 * returns the users as an array of UserData objects.
 */
@RemoteServiceRelativePath("users")
public interface UserListService extends RemoteService {
/** Returns the users known to the server. */
UserData[] usersServer();
}
package com.samag.client;
import com.google.gwt.user.client.rpc.AsyncCallback;
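/**
 * Asynchronous counterpart of UserListService, used by client code.
 */
public interface UserListServiceAsync {
    /**
     * Starts the call and returns immediately.
     *
     * @param asyncCallback receives the UserData array returned by the server,
     *                      or the failure
     */
    void usersServer(AsyncCallback<UserData[]> asyncCallback);
}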
package com.samag.client;
import java.io.Serializable;
public class UserData implements Serializable{
private static final long serialVersionUID = 1L;
private int id;
private int id;
private String name;
private String email;
private int active;
public UserData() {
}
public class UserListServiceImpl extends RemoteServiceServlet implements
UserListService {
UserData User;
UserData[] UserList;
private static final long serialVersionUID = 1L;
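/**
 * Loads the user list from the server and appends one table row per user.
 *
 * @param mailGrid the table that receives the rows
 */
private void getUsers(final Grid mailGrid) {
    // Create the RPC proxy lazily on first use.
    if (userListSvc == null) {
        userListSvc = GWT.create(UserListService.class);
    }
    userListSvc.usersServer(new AsyncCallback<UserData[]>() {
        public void onFailure(Throwable caught) {
            System.out.println(SERVER_ERROR);
        }

        public void onSuccess(UserData[] result) {
            updateTable(result);
        }

        /** Appends a row (id, name, e-mail, active toggle, delete button) per user. */
        public void updateTable(UserData[] users) {
            for (UserData user : users) {
                int rows = mailGrid.getRowCount();
                int newRow = mailGrid.insertRow(rows);
                // setText (not setHTML) keeps server-supplied values from being
                // interpreted as markup in the page.
                mailGrid.setText(newRow, 0, String.valueOf(user.getId()));
                mailGrid.setText(newRow, 1, user.getName());
                // The e-mail belongs in column 2; writing it to column 1 would
                // overwrite the name and leave column 2 empty.
                mailGrid.setText(newRow, 2, user.getEmail());
                mailGrid.setWidget(newRow, 3, new ActiveButton(mailGrid, user.getActive()));
                mailGrid.setWidget(newRow, 4, new delButton(mailGrid, newRow));
            }
        }
    });
}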
package com.samag.client;
...
import com.google.gwt.user.client.rpc.AsyncCallback;
/**
 * "Delete" button placed in a table row: on click it asks the server to delete
 * the user and, on success, removes the row from the grid.
 */
public class delButton extends Button {
private static UserListServiceAsync userListSvc = GWT.create(UserListService.class);
/**
 * @param grid the table that contains the button
 * @param row  index of the row the button was created for
 */
public delButton(final Grid grid,final int row) {
super("Delete", new ClickHandler() {
public void onClick(ClickEvent event) {
if (userListSvc == null) {
userListSvc = GWT.create(UserListService.class);
}
// NOTE(review): the server is told a table row index, not a user id. The index
// is fixed when the button is created, so after one row has been removed the
// buttons below it point at the wrong row - sending the user's id would be
// unambiguous. Whatever is sent is client-controlled: the server has to check
// that the caller may delete that record.
// NOTE(review): the callback's type argument (UserData[]) appears to have been
// lost in this listing; with the raw type, onSuccess(UserData[]) is not an override.
userListSvc.deleteUser(row, new AsyncCallback() {
public void onFailure( Throwable caught) {
// error handling
}
public void onSuccess(UserData[] result) {
Window.alert("Удаляем ряд"+row);
grid.removeRow(row);
}
});
}
});
}
}
// Server-side stub for deleting a user.
// NOTE(review): the service interface in this listing declares
// "UserData[] deleteUser(int row)"; this signature (void, extra UserData[]
// parameter) does not match it, so @Override would not compile as written.
// NOTE(review): the row value comes from the client - validate it and check the
// caller's permission before deleting anything.
@Override
public void deleteUser(int row, UserData[] usr) {
// code that deletes the record
}
/**
 * Synchronous GWT-RPC contract: list the users and delete one of them.
 */
public interface UserListService extends RemoteService {
/** Returns the users known to the server. */
UserData[] usersServer();
/** Deletes the user identified by the given row value and returns a user array. */
UserData[] deleteUser(int row);
}
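/**
 * Asynchronous counterpart of UserListService. Each method takes the same
 * arguments as the synchronous one plus a callback typed with that method's
 * return type (UserData[] for both).
 */
public interface UserListServiceAsync {
    /** @param asyncCallback receives the user array or the failure */
    void usersServer(AsyncCallback<UserData[]> asyncCallback);

    /**
     * @param row      row value identifying the user to delete
     * @param callback receives the resulting user array or the failure
     */
    void deleteUser(int row, AsyncCallback<UserData[]> callback);
}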
{
"firstName": "John",
"lastName": "Smith",
"age": 25,
"address": {
"streetAddress": "21 2nd Street",
"city": "New York",
"state": "NY",
"postalCode": "10021"
},
"phoneNumber": [
{ "type": "home", "number": "212 555-1234" },
{ "type": "fax", "number": "646 555-4567" }
],
"newSubscription": false,
"companyName": null
}
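/**
 * Servlet that answers GET requests with a JSON array holding one demo user.
 */
public class JsonUserList extends HttpServlet {
    /**
     * Writes the JSON document to the response.
     *
     * @param req  the request (not inspected)
     * @param resp the response that receives the JSON text
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Declare type and charset before getWriter(), so the non-ASCII name is
        // encoded predictably and the browser does not treat the body as HTML.
        resp.setContentType("application/json");
        resp.setCharacterEncoding("UTF-8");
        PrintWriter out = resp.getWriter();
        out.println('[');
        out.println(" {");
        out.print(" \"ID\": \"");
        out.print(1);
        out.println("\",");
        // String values must be quoted and the last member and element must not
        // be followed by a comma, otherwise the output is not valid JSON.
        // The values here are constants; once they come from a database they
        // need JSON string escaping (or a JSON library) instead of plain
        // concatenation.
        out.print(" \"Name\": \"");
        out.print("Иванов");
        out.println("\",");
        out.print(" \"Email\": \"");
        out.print("ivanov@gwt.ru");
        out.println("\"");
        out.println(" }");
        out.println(']');
        out.flush();
    }
}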
JsonUserList
com.samag.server.JsonUserList
JsonUserList
/mailbox/jonsusers
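/**
 * Converts the JSON text received from the server into an array of
 * JsonUserList overlay objects.
 *
 * NOTE(security): eval() executes whatever the response contains, so a response
 * that is not pure JSON runs as script in the page. Use it only on same-origin
 * responses from a trusted server, and prefer a validating parser such as
 * JsonUtils.safeEval(json) where the GWT version in use provides it.
 */
private final native JsArray<JsonUserList> asArrayOfJsonUserList(String json) /*-{ return eval(json); }-*/;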
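// Overlay accessors: each reads one property of the underlying JSON object.
// Property names are case-sensitive and follow the keys the servlet in this
// listing writes: "ID", "Name", "Email".
public final native int getId() /*-{ return this.ID; }-*/;
public final native String getName() /*-{ return this.Name; }-*/;
// The e-mail is text, so the accessor returns String rather than double.
public final native String getEmail() /*-{ return this.Email; }-*/;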
package com.samag.client;
import com.google.gwt.core.client.JavaScriptObject;
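/**
 * JavaScript overlay type for one user object of the JSON response.
 * Property names are case-sensitive and follow the keys the servlet in this
 * listing writes: "ID", "Name", "Email".
 */
class JsonUserList extends JavaScriptObject {
    /** Overlay types need a protected no-argument constructor. */
    protected JsonUserList() {}

    public final native int getId() /*-{ return this.ID; }-*/;
    public final native String getName() /*-{ return this.Name; }-*/;
    // The e-mail is text, so the accessor returns String rather than double.
    public final native String getEmail() /*-{ return this.Email; }-*/;
}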
// Requests the JSON user list from the "jonsusers" servlet path under the
// module base URL.
// NOTE(review): the method name is missing from the signature below, presumably
// lost when the listing was extracted.
// NOTE(review): RequestBuilder.sendRequest declares the checked
// RequestException; the surrounding try/catch is not shown here.
private void() {
String url = GWT.getModuleBaseURL() + "jonsusers";
url = URL.encode(url);
RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, url);
Request request = builder.sendRequest(null, new RequestCallback() {
public void onResponseReceived(Request request, Response response) {
// Only a 200 status is treated as success.
if (200 == response.getStatusCode()) {
// code that updates the table goes here
} else {
// the error is handled here
}
}
// NOTE(review): the handler is empty, so transport failures are silently ignored.
@Override
public void onError(Request request, Throwable exception) {
// TODO Auto-generated method stub
}
});
}
-----------------------------------------------------------------------------------------------------------------